sophos x-ops – Page 5 – PossibleThreat Articles

Clustering attacker behavior reveals hidden patterns

August 8, 2023 0 Comments black basta, featured, hive, mdr, Ransomware, royal, sophos x-ops, tac, threat activity cluster, threat research

Credit to Author: Andrew Brandt| Date: Tue, 08 Aug 2023 10:00:11 +0000

A collection of very specific behaviors, observed by Sophos X-Ops incident response analysts in the lead-up to four separate ransomware attacks in the first quarter of 2023, indicates an unexpected connection between the attacks. In the parlance of the Managed Detection and Response (MDR) team, the peculiarly similar details constitute a threat activity cluster that […]

Security Sophos

Sha zhu pan scam uses AI chat tool to target iPhone and Android users

August 2, 2023 0 Comments #chatgpt, Android, Apple App Store, cryptocurrency, cryptorom, featured, Google Play, iOS, large language models, shazhupan, sophos x-ops, threat research

Credit to Author: Jagadeesh Chandraiah| Date: Wed, 02 Aug 2023 10:00:40 +0000

CryptoRom” fake crypto-trading mobile apps pushed through AI-assisted romance scam, using ChatGPT to lure targets.

Security Sophos

Uncovering an Iranian mobile malware campaign

July 27, 2023 0 Comments Android, banking malware, credentials, featured, Firebase, iran, sophos x-ops, threat research

Credit to Author: Pankaj Kohli| Date: Thu, 27 Jul 2023 10:00:44 +0000

Sophos X-Ops researchers discover a cluster of credential-harvesting apps targeting Iranian bank customers

Security Sophos

Into the tank with Nitrogen

July 26, 2023 0 Comments featured, initial access, malvertising, nitrogen, sideloading, sophos x-ops, threat research

Credit to Author: Gabor Szappanos| Date: Wed, 26 Jul 2023 10:00:04 +0000

The element originally known as “foul air” stinks up computers as a new initial-access campaign exhibiting some uncommon techniques

Security Sophos

Bad ad fad leads to IcedID, Gozi infections

July 20, 2023 0 Comments batloader, fakebat, featured, gozi, icedid, malvertising, mdr, security operations, sophos x-ops, threat research

Credit to Author: Matt Wixey| Date: Thu, 20 Jul 2023 10:00:07 +0000

Malvertising campaigns using paid ads result in infostealer and backdoor attacks

Security Sophos

Microsoft Revokes Malicious Drivers in Patch Tuesday Culling

July 11, 2023 0 Comments 2023-07, anti-edr, drivers, drivers.stl, EDR, featured, fivesys, fk_undead, fu rootkit, netfilter, Patch Tuesday, Patches, rootkit, sophos x-ops, threat research, uac, wfp, windows filtering platform, windows update

Credit to Author: Andrew Brandt| Date: Tue, 11 Jul 2023 17:20:38 +0000

In December 2022, Microsoft published their monthly Windows Update packages that included an advisory about malicious drivers, signed by Microsoft and other code-signing authorities, that Sophos X-Ops (and others) observed threat actors abusing during attacks. Today, Microsoft issued Security Advisory ADV230001 as part of their July Windows Update that addresses Sophos’ discovery of more than […]

Security Sophos

And I Shall Call It Mini-Me GPT: Using Large Language Models to Classify the Uncharted Web

June 22, 2023 0 Comments ai research, bert, featured, gpt-3, large language models, sophos x-ops, t5 large llm, web filtering, website categorization

Credit to Author: gallagherseanm| Date: Thu, 22 Jun 2023 11:30:10 +0000

Sophos AI team employs GPT and other large language models as teachers to train smaller models to label websites.

Security Sophos

The Phantom Menace: Brute Ratel remains rare and targeted

May 18, 2023 0 Comments brute ratel, cobalt strike, featured, havok, meterpreter, post-exploitation tools, sliver, sophos x-ops, threat research

Credit to Author: gallagherseanm| Date: Thu, 18 May 2023 11:00:58 +0000

The commercial attack tool’s use by bad actors has faded after an initial flurry, while Cobalt Strike remains the go-to post-exploitation tool for many.

Security Sophos